Skip to content
🚨 Catch 6clicks at AISA CyberCon 2024 | A CISO's playbook for achieving ISO 42001 certification to secure the benefits of AI 🚨

Resources

Curated content for the cyber, risk and compliance professional: We cover the latest on cybersecurity, frameworks, risk, and compliance trends.

Show filters
All
Answers
Framework comparisons
Events
Glossary
Guides
Analyst research
eBooks
Datasheets
Pitch decks

Glossary

Topics
All ISO 27001 Right Fit For Risk (RFFR) PCI-DSS NIST Cybersecurity Framework (CSF) Information Security Management System (ISMS) ASD Essential 8 FedRAMP Defence Industry Security Program (DISP) Enterprise Risk Management Regulatory Compliance Australian Financial Services Compliance Vulnerability Management Cybersecurity Compliance SOC 2 NIST SP 800-53 ISO 27000 NIST SP 800-171 HITRUST Common Security Framework Center for Internet Security (CIS) Framework MITRE ATT&CK ENISA National Capabilities Assessment Framework UK Cyber Essentials GDPR GRC Software Information Security Registered Assessors Program (IRAP) Vendor Risk Management APRA CPS 234 Cybersecurity Risk Management Environmental, Social, and Governance (ESG) CMMC ISO 27017 Federated GRC Responsible AI Artificial Intelligence Critical Infrastructure Managed Services Software: Streamlining Cyber GRC Processes Security Clearance Threat Intelligence Trusted Information Security Assessment Exchange (TISAX) Digital Operational Resilience Act (DORA) Cyber Resilience
SSAE 18

Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued b...

Vendor Risk Management
Vendor Assessment

Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ab...

Vendor Risk Management
Vendor Management Policy

A Vendor Management Policy is a set of guidelines and procedures designed to ensure that vendors pro...

Vulnerability Management
Vulnerability Management: Securing Your System

Vulnerability Management is the process of identifying, assessing, and prioritizing vulnerabilities ...

The Health Insurance Portability and Accountabilit...

The Health Insurance Portability and Accountability (HIPAA) is a federal law enacted in 1996 that pr...

Governance Risk & Compliance (GRC) Software

Governance, Risk & Compliance (GRC) Software is a type of software that provides organizations w...

Compliance Automation Software

Compliance Automation Software is a type of software designed to automate the process of ensuring co...

Enterprise Risk Management, Regulatory Compliance
Compliance Risk Management

Compliance risk management is the process of identifying, assessing, monitoring, and mitigating comp...

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United S...

Association of International Certified Professiona...

The Association of International Certified Professional Accountants (AICPA) is an organization that ...

Attestation of Compliance (AOC)

Attestation of Compliance (AOC) is a formal declaration from an organization or individual that conf...

ISO 27001
ISO/IEC 27001 Annex A Controls

ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can b...

Information Security Management System (ISMS)
Information Security Management System (ISMS)

An Information Security Management System (ISMS) is a comprehensive set of policies, procedures, con...

Enterprise Risk Management
Risk Source

Risk Source is a term used to describe the origin of a potential risk that could affect an organizat...

Consequence

Consequence is the result or effect of an action, decision, or set of circumstances. It is the outco...

Communication and consultation

Communication and consultation is the process of exchanging information and ideas between two or mor...

Incident management

Incident management is the process of managing the lifecycle of all incidents that occur within an o...

Regulatory Compliance
Policy management

Policy management is the process of developing, implementing, and maintaining organizational policie...

Notifiable data breach

A notifiable data breach is an incident where there is unauthorized access to, or disclosure, of per...

Vendor Risk Management
Third-party risk management

Third-party risk management is the process of identifying, assessing, and mitigating risks associate...

Vendor Risk Management
Health Information Trust Alliance (HITRUST)

The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to pro...

Office of the Australian Information Commissioner ...

The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency crea...

FedRAMP
FedRAMP

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that provid...

Vulnerability Management
Vulnerability

Vulnerability is a state of being open to potential harm, either physically, emotionally, or psychol...

AFSL Authorised Representative

An AFSL Authorised Representative is an individual or organisation that has been authorised by an Au...

Australian Securities and Investments Commission (...

The Australian Securities and Investments Commission (ASIC) is an independent Australian government ...

SOC 2
SOC 1

SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an ind...

SOC 3

SOC 3 is an internationally recognized standard that is used to assess and report on the security an...

SOC Reports

SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that...

SSAE 16

Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued b...